Best practice rules for Amazon Elastic Kubernetes Service (EKS)
Trend Micro Cloud One™ – Conformity monitors Amazon Elastic Kubernetes Service (EKS) with the following rules:
- EKS Security Groups
Ensure that AWS EKS security groups are configured to allow incoming traffic only on TCP port 443.
- Enable Envelope Encryption for EKS Kubernetes Secrets
Ensure that envelope encryption of Kubernetes secrets using Amazon KMS is enabled.
- Kubernetes Cluster Logging
Ensure that EKS control plane logging is enabled for your Amazon EKS clusters.
- Kubernetes Cluster Version
Ensure that the latest version of Kubernetes is installed on your Amazon EKS clusters.
- Monitor Amazon EKS Configuration Changes
Detect configuration changes made to Amazon EKS resources within your Amazon Web Services account.
- Publicly Accessible Cluster Endpoints
Ensure that AWS EKS cluster API endpoints are not publicly accessible, since public endpoint access exposes the cluster to security risks.